diff --git a/values/forgejo/values/values.yaml b/values/forgejo/values/values.yaml
index 78b3a268..2ad37432 100644
--- a/values/forgejo/values/values.yaml
+++ b/values/forgejo/values/values.yaml
@@ -38,6 +38,21 @@ gitea:
     server:
       DOMAIN: git.svc.hel1.obx
       ROOT_URL: https://git.svc.hel1.obx
+      SSH_DOMAIN: git.svc.hel1.obx
+      SSH_PORT: 22
+    oauth2_client:
+      ENABLE_AUTO_REGISTRATION: true
+      UPDATE_AVATAR: true
+      ACCOUNT_LINKING: auto
+  oauth:
+    - name: 'Oceanbox'
+      provider: 'openidConnect'
+      existingSecret: forgejo-oauth-oceanbox
+      autoDiscoverUrl: 'https://auth.oceanbox.io/realms/oceanbox/.well-known/openid-configuration'
+      scopes: 'openid profile email groups'
+      groupClaimName: 'groups'
+      adminGroup: '/oceanbox/admin'
+      restrictedGroup: ''
   additionalConfigFromEnvs:
     - name: FORGEJO__DATABASE__PASSWD
       valueFrom:
@@ -61,6 +76,10 @@ gitea:
           key: host
     - name: FORGEJO__DATABASE__DB_TYPE
       value: postgres
+    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNIN
+      value: "true"
+    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNUP
+      value: "true"
 
 ingress:
   enabled: true
@@ -80,10 +99,13 @@ ingress:
       hosts:
         - git.svc.hel1.obx
 
-# service:
-  # ssh:
-    # type: LoadBalancer
-    # port: 22
+service:
+  ssh:
+    type: LoadBalancer
+    port: 22
+    annotations:
+      load-balancer.hetzner.cloud/location: hel1
+      load-balancer.hetzner.cloud/uses-proxyprotocol: 'false'
 
 persistence:
   enabled: true